Chinese Hacking Threatens U.S. Economy and National Security

Security firm Mandiant has outlined in extraordinary detail attacks orchestrated in recent months by a Chinese military group against U.S. organizations to steal intellectual property.

According to Mandiant's hefty 60-page report, APT1 is a professional hacking crew operating in China with the full knowledge of the Chinese government. As PCMag reported earlier, the group has been linked to at least 141 attacks against companies since 2006 across a broad range of industries, stealing sensitive corporate documents, and launching attacks, Mandiant said.

The report contains some of the most extensive accusations against China's cadre of cyber-spies, including a timeline of attacks and extensive details of the techniques and malware used by the group. Mandiant identified the group as a military "Network Operations" unit of the People's Liberation Army known as "Unit 61398." Operating out of an office building in Shanghai, this group most likely was operating with the full blessing of the government and was, in all likelihood, part of the PLA, Mandiant said.

Mandiant's report is the "smoking gun," and clearly lays out the evidence about this one particular group from China, Anup Ghosh, chief scientist of Invincea, told SecurityWatch.

We can now "take off the table the demand for 'conclusive proof'" that China is behind some of the recent attacks, as "we now have it," Ghosh said. "The onus is now on Obama and the government to take it seriously," he said.

Every time there is an incident or someone is compromised, the finger is always pointed at China, and China has always had this rote response that they don't do that, but "this report lays it all out on the table," Ghosh added.

It may not be something to take to the courts yet, but there is a lot of evidence jam-packed between those pages.

"Our research corroborates much of what was presented in the Mandiant APT1 report," Will Gragido, senior manager at RSA FirstWatch, told SecurityWatch. Gragido said there are several threat actor groups operating in China, but it is unclear "how closely related they are to the government or not." While more research is necessary to conclusively understand who the threat actors are and their affiliations, Mandiant's research "is sound," Gragido said.

Government Needs to Act

Mandiant's report is a "call to action" to those organizations not aware of the extent of the problem, Gragido said. Considering the volume of data suggesting a "very specific threat actor group is responsible for what amounts to thievery on a grand scale," the report "should act as a wakeup call for the industry and for all parties concerned with curtailing this type of behavior," he said.

The government now needs to "use all levels of diplomacy to put pressure on China to lay off our intellectual property," Ghosh said. In the simplest terms, the actions of this group are clear signs of a trade war as China was "systematically stealing secrets from our companies," he said.

The report outlined a serious economic threat as well as a security one. Stealing data from federal organizations and the private sector is plain economic trade warfare and will have repercussions on various industries, including healthcare, manufacturing, pharmaceuticals, and financial services, Ghosh said.

The group also targeted critical infrastructure, which would be considered an act of espionage and "pre-planning for war," Ghosh said.

"This is a national security threat. It isn't just economic anymore," he said.

Trend Towards Full Disclosure

The report is ground-breaking not just because Mandiant laid out the case for who is responsible for the attacks, but because of the "tremendous detail" provided in how they were carried out, John Worrall, chief marketing officer of Cyber-Ark Software, told SecurityWatch. Knowing who the attacker is can be helpful in designing a security architecture protecting the targeted assets, whether it is money, intellectual property, or personal data, Worrall said.

The report highlighted how critical full disclosure is when companies and governments are attacked. There needs to be more information beyond "I got hacked," to include "how I got hacked," so that the industry knows who is doing the hacking and what was used, Ghosh said. As more of this type of information becomes public, there will be "a lot of impetus" to put pressure and demand accountability, Ghosh said.
